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Abstract 

In a recent paper pQ, Zhang and Xiao describe a technique on constructing almost optimal 
resilient functions on even number of variables. In this paper, we will present an extensive study 
of the constructions of almost optimal resilient functions by using the generalized Maiorana- 
McFarland (GMM) construction technique. It is shown that for any given m, it is possible to 
construct infinitely many n- variable (n even), m-resilient Boolean functions with nonlinearity 
equal to 2"~ 1 — 2" / ' 2 ~ 1 — 2 fe ~ 1 where k < n/2. A generalized version of GMM construction 
is further described to obtain almost optimal resilient functions with higher nonlinearity. We 
then modify the GMM construction slightly to make the constructed functions satisfying strict 
avalanche criterion (SAC). Furthermore we can obtain infinitely many new resilient functions 
with nonlinearity > 2"~ 2 — 2(™~ 1 '/ 2 (n odd) by using Patterson- Wiedemann functions or Kavut- 
Yticel functions. Finally, we provide a GMM construction technique for multiple-output almost 
optimal m-resilient functions F : i-4 F£ (n even) with nonlinearity > 2" _1 — 2™/ 2 . Using 
the methods proposed in this paper, a large class of previously unknown cryptographic resilient 
functions are obtained. 

Keywords: Boolean functions, nonlinearity, resiliency, stream ciphers, strict avalanche crite- 
rion. 

1 Introduction 

Confusion and diffusion, introduced by Shannon [2], are two important principles used in the design 
of symmetric cryptosystems (stream ciphers and block ciphers). Boolean functions possessing 
multiple cryptographic criteria play an important role in enforcing these principles. The following 
criteria for cryptographic Boolean functions are often considered: high nonlinearity, high resiliency, 
high algebraic degree and strict avalanche criterion (SAC). The tradeoffs among these criteria are 
difficult problems and have received lots of attention. By an (n,m,d, Nj) function we mean an n- 
variable, m-resilient Boolean function / with algebraic degree d and nonlinearity Nf. Siegenthaler 
[3] and Xiao [J] proved that d < n — m — 1 for n-variable, m-resilient functions. Such a function, 
reaching this bound, is called degree-optimized. For relations between SAC and resiliency, one can 
find in [5], [6]. 

Construction of resilient functions with high nonlinearity has been a challenging research prob- 
lem in cryptography for twenty years [7j |8j |9j [ 10] |llj |12j |13j |14j [T] . On even number of variables n, 
Bent functions [15] achieve optimal nonlinearity 2 n_1 — 2 n ' 2—1 , but they are not resilient and their 
algebraic degrees are not more than n/2. For the case when n > 9 is odd, the maximum achievable 
value of Nf is unknown in general, and we know only that it is strictly larger than 2 n_1 — 2( n ~ 1 ^ 2 
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|16j . (For odd n < 7, the optimal nonlinearity of n- variable functions is 2 n ~ 1 — 2( n ~ 1 )/ 2 .) An 
n- variable Boolean function / is said to be almost optimal if Nf > 2 n ~ 1 — 2 L^/sJ _ xh e problem how 
tight is the nonlinearity bound of resilient Boolean functions remains open. Construction of almost 
optimal resilient functions has been discussed in [IT] . [12] . [13] . [14] , pQ, and will also be extensive 
studied in this paper. 

A classical class of cryptographic Boolean functions are the Maiorana-McFarland (M-M) class 
which can ensure many of the criteria above mentioned. For more detailed information about M-M 
class functions please see [17] pQ and their references. In this paper, we will introduce a generalized 
Maiorana-McFarland (GMM) construction technique to obtain almost optimal resilient functions. 

The organization of this paper is as follows. In Section 2, the basic concepts and notions are 
presented. Section 3 describes the GMM construction technique. The resilient functions satisfying 
SAC with very high nonlinearity are constructed. The degree of the GMM type resilient functions 
can also be optimized. In Section 4, by using Patterson- Wiedemann functions or Kavut-Yiicel 
functions, many new n-variable resilient functions with nonlinearity > 2 n ~ 2 — 2^ n ~ 1 ^ 2 (n odd) are 
obtained. In section 5, we provide a construction technique for multiple-output resilient functions 
on n variables (n even) with nonlinearity > 2™ _1 — 2 n / 2 . Section 6 concludes the paper with several 
open problems. 

2 Preliminary 

Let B n denote the set of Boolean functions of n variables. A Boolean function f(X n ) G B n is a 
function from to F2, where X n = {x\,--- ,x n ) G Fg and Fg is the vector space of tuples of 
elements from F2. To avoid confusion with the additions of integers in M, denoted by + and Sj, we 
denote the additions over F2 by © and @j. For simplicity, we denote by + the addition of vectors 
of Fg. f(X n ) is generally represented by its algebraic normal form (ANF): 

n 

f(x n ) = A u (]>r) a) 

«eF™ i=i 

where X u G F2, u = (u±, ■ ■ ■ , u n ). The algebraic degree of f(X n ), denoted by deg(f), is the maximal 
value of wt(u) such that A n 7^ 0, where wt(u) denotes the Hamming weight of u. / is called an 
affine function when deg(f) = 1. An affine function with constant term equal to zero is called a 
linear function. Any linear function on FJ? is denoted by: 

0J ■ X n = U)\X\ © • • • © 0J n X n , 

where u = (wi, • • • ,uj n ), X n = (xi, ■ ■ ■ ,x n ) G FJj. The Walsh spectrum of / G B n in point cj is 
denoted by Wf(u) and calculated by 

W f (w) = (-l) /(x " )ew ' x ". (2) 

f G B n is said to be balanced if its output column in the truth table contains equal number of 0's 
and l's (i.e. W/(0) = 0). 

In [3], a spectral characterization of resilient functions has been presented. 

Lemma 1: A n-variable Boolean function is m-resilient if and only if its Walsh transform 
satisfies 

Wf(u) = 0, for < wt(u) < m, uj G FJ. (3) 
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In term of Walsh spectra, the nonlinearity of / G B n is given by [18] 

Nf = 2"~ l - - • max \W f (u)\. (4) 

Definition 1: The Boolean function / G B n is said to be almost optimal if 

• Nf > 2 n_1 — 2 n / 2 , when n is even; 

• N f > T l - X - 2( n ~ 1 )/ 2 , when n is odd. 

The autocorrelation function of / € B n is defined by 

A/(a) = (-l) f(x ^ x " + ^ (5) 

The SAC was introduced by Webster and Tavares [TO]. / satisfies SAC if 

A/(a) = 0, for iot(a) = 1. (6) 

Definition 2 (J^): The functions of original M-M class are defined as follows: For any positive 
integers p, q such that n = p + q an M-M function is a function f £ B n defined by 

f(Y q , X p ) = <l>(Y q ) ■ X p 7r(Y q ), X p G ¥ p 2 , Y q G F* (7) 

where <j) is any mapping from ¥\ to Fg and it G B q . 

3 GMM construction 

This section presents two versions of GMM construction methods for constructing almost opti- 
mal resilient functions. The SAC and degree optimization of the GMM type functions are also 
considered. 

3.1 A reduced version 

Construction 1: Let n > 12 be even, and let m be a positive integer such that there exists an 
integer k with 

k= min {s\2 n / 2 - s -y( n/2 )< Y ( S )}. (8) 

Let 

T = {a | wt(a) > m, a G F™ /2 } (9) 

and 

Ti = {c | urt(c) > m, c G F^}. (10) 
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n/2 

Let Eq be any subset of F 2 with 



n/2 



i=m+l ^ ' 
n/2 n/2 

Let £^0 = ^2 \ -^o an d £4 = £{) x F 2 • Denote by 0o an Y bijective mapping from To to To, 
4>\ any injective mapping from E\ to Ti. Let X n = (x%, ■ ■ ■ ,x n ) € F^, X[ = (x±,--- ,Xt) € F| 
and -X^_ t = • • • ,x n ) G Fg - * where i € {n/2, A;}. Then we construct the function / € B n as 

follows: 

Remark: For Inequality ([8]) holds, we always have \E%\ < |Ti|. So we can find an injective 
mapping (f>\. 

Theorem 1: Let / S IFj be as in Construction 1. Then / is an almost optimal (n,m,d, Nf) 
function with 

N f = 2 n ~ 1 - 2 n / 2 ~ x - 2 k ~ 1 . (13) 
Let 4>i(X' n _ k )j be the j-th component of (f>i(X' n _ k ), where 1 < j < k. If 

MK-k)i = i (14) 

x' , eE 1 

n — K L 

for some j, then eZ = n — k + 1. 

Proof: For any w = (u>i, •■■ ,w n ) 6Fj we have 

^( w ) = (-l)^ x ")®^- x " = 5 + 5i (15) 



where 



5 Q = ^ (_l)( W l'-' W «/2) ,X n/2 ^ (-_ 1 )(</ , o( X n/2) + ( W n/2+l'-^n))-^" / 2 (16) 



1/2 2 



Case 1: < wt ((^ n /2+i; " " " i w n)) < rn. 

Since 0o is a mapping from Eq to To, from ([9]), we have wt((f> (X' n , 2 )) > m + 1. Obviously, 

^oPC/2) + ( W n/2+ir-- ,^ n )/0. Thus 

^ (_l)(*o( X n/2) + ( a; «/2+l'---. w "))- X "/2 = (18) 

We obtain So = 0. Similarly, for < wt ((w n _fc +1 , • • • ,uj n )) < m and wt((f) 1 (X' n _ k )) > m + 1, we 
have 0i(X^_ fc ) + (w n _ fc+ i, • • • ,w„) 7^ 0. we have 

^ (_l)(0l(^_fc) + (Wn-fc+l,-,Wn))--^fe _ (19) 
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Thus, 5i = 0. Then we have W f (io) = 0. 

Obviously, when < wt{uS) < m, we always have < wt(oj n / 2 +i, • • • ,w n ) < m. Hence, 
Wf(u) = 0. By Lemma 1, / is an m-resilient function. 

Case 2: wt ((w n / 2+1 , • • • ,w n )) > m + 1. 

In this case, for 4>q is a bijective mapping from Eq to To, we have <^>~ 1 (w n / 2 +i, ■ ■ ■ ,w„) G i?o- 
When X' n/2 = (j)^ 1 (u n / 2 +i, • • • ,w n ), we have 

^o«/ 2 ) + K/2+l,--- ,w„) = 0. (20) 

Then 

(_l)^o( X n/2) + ( W n/2+l.-^«))-^'/2 = 2 n/2 (21) 

When X^ /2 / ^~ 1 (w n / 2+ i, • • • ,w n ), we have 

^ (_l)(^o( X n/2) + ( W "/2+l'---' aJ ™))- X ^'/2 = 0. (22) 

Hence, 

g — f l\(vi>- ,w n / 3 )-0~ 1 (w„/ 2 +ir-- ,w n ) . 2 n / 2 g {±2 n / 2 } (23) 
Since </>i is an injective mapping from to Tj, we have 

(_l)(*(Ct)+K-HirA))^ = | ^ if X 'n-k + 01 ( w n-fc+l>--- > w n) ^ 

I 2 * if X n-fc = 01 Vn-fc+1,"-- ,W„). 

Hence, 

5iG{0,±2 fe } (25) 

Then we have 

W f (u) e {0, ±2 n/2 , ±(2 n/2 - 2 fe ), ±(2 n/2 + 2 k )}. (26) 

Obviously, 

max.\W f (u)\ = 2 n / 2 + 2 k (27) 

From (HD, / is almost optimal with TV/ = 2™- 1 - 2 n / 2 ~ 1 - 2 k ~ 1 . 

If the equality ([II]) holds, then the term xix 2 • • • x n _kXn-k+j will appear in the ANF of /. 
Hence, deg(f) = n — k + 1. □ 

Using the method proposed in Construction 1, for the first time, the almost optimal resilient 
functions proposed in Table 1 can be constructed. A list of more examples and corresponding 
cryptographic parameters can be found in Appendix 1 and Appendix 2. 
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Table 1: Achieved Nf for n- variable, m-resilient functions 



n 


m 


Nf 


n 


m 


Nf 


n 


m 


iV7 


24 


1 


2 23 _ 


2 n 


-2 V 


62 


2 


2 61 


_ 2 3U 


_ 2 19 


42 




5 


2 41 


_ 2 2U 


-2 iV 


28 


1 


2 27 _ 


2 13 


-2 8 


88 


2 


2 87 


_ 2 43 


_ 2 26 


74 




5 


2 73 


_ 2 36 


_ 2 27 


54 


1 


2 53 _ 


2 26 


_ 2 15 


20 


3 


2 19 


-2 9 - 


-2 8 


52 




7 


2 51 


_ 2 25 


_ 2 22 


58 


1 


2 58 _ 


2 28 


_ 2 16 


36 


3 


2 35 


-2 17 


_ 2 13 


70 




8 


2 69 


_ 2 34 


_ 2 29 


30 


2 


2 29 _ 


2 14 


_ 2 io 


62 


3 


2 61 


_ 2 30 


_ 2 21 


62 




9 


2 61 


_ 2 30 


- 2 27 


44 


2 


2 43 _ 


2 21 


_ 2 14 


92 


3 


2 91 


_ 2 45 


_ 2 29 


74 




10 


2 73 


_ 2 36 


_ 2 32 



3.2 Generalized version 

Let for 1 < i < n - 1, Ei C F™ _i and ^ = ^x F J 2 such that 

n-1 

(J ^ = F 2 (28) 
i=i 

and 

n £4 = 0, 1 < h < i 2 < n - 1. (29) 
Let <7j € 2? n _j and <fo be a mapping from F^ - * to F 2 . Let 

X n = (xi,-- - ,x„) GF^, 

and 

A^ = (z m ,... ,x n )GFr'. 
A cryptographic Boolean function can be constructed as follows: 

f(X n ) = </, i (X' n _ i )-Xi'®g i (X' n _ i ), if i = l,2,--. ,n-l (30) 

where ^ € <B n _j. If for 1 < i < n — 1, fa is injective mapping and 



i*i < E 

j=m+l 

then / is an (n, m, — , iVj) function with 

n-1 

iV/ = T- 1 - £ ai^- 1 (31) 
i=i 

where 

_ / if^ = 
° l ~ \ 1 if Ei + 0. 1 J 

Especially, when for n/2 + 1 < % < n — 1, Ei = 0, we always have iV/ > 2 n_1 - 2 n / 2 . 

Using the generalized version of GMM construction, we can provide functions having parameters 
which cannot be constructed using the reduced version. Examples for resilient functions which were 
not known earlier can be found in Table 2. 
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Table 2: Examples for (n, m, d, Nt) resilient functions which were not known earlier 



(32,l,26,2 3i - 2 


15 _ 


2 9 -2 


? -2«) 


(96, 3, 67, 2 95 - 


2 4V_ 


2 3U_ 


2 29 ) 


(36, 1,27, 2 35 - 


-2 17 


_ 2 io _ 


-2 9 ) 


(30,4, 19, 2 29 - 


2 14_ 


2 12 _ 


2 11 ) 


(62, 1,53, 2 61 - 2 30 -S 


» 17 -2 


L0 _ 2 9) 


(36, 4, 24, 2 35 - 


2 17 - 


2 14 _ 


2 12 ) 


(66,1,55 , 2 65 - 2 32 - 2 18 - 2 16 - 2 n ) 


(52, 4, 34, 2 51 - 


2 25 _ 


2 19 _ 


2 18 ) 


(70, 1,52 , 2 69 - 


2 d4 


- 2 y - 


- 2 iS ) 


(62, 4, 41, 2 61 - 


2 30 _ 


2 22 _ 


2 21 ) 


(74, 1, 55, 2 li - 




- 2 u - 


- 2 iy ) 


(72 , 4, 51, 2 71 - 2 35 - 2 25 - 2 22 - 2 21 ) 


(20, 2, 15, 2 iy 


oil 

- 2 y 


— 2- 


2°) 


(86, 4, 59, 2 85 - 


2 42 _ 


2 29 _ 


2 27 ) 


/'o/i o o/| o33 


9I6 


— L — 


' 1 ) 


(40, 6, 25, 2 39 - 


2 19 _ 


2 17 - 


2 15 ) 


(48, 2, 34, 2 47 - 


2 23 


_ 2 15 _ 


-2 14 ) 


(46, 6, 28, 2 45 - 


2 22 _ 


2 19 _ 


2 18 ) 


(66, 2, 47, 2 65 - 


2 32 


_ 2 20 _ 


-2 19 ) 


(52, 6, 32, 2 51 - 


2 25 _ 


2 21 _ 


2 20) 


(70, 2, 50, 2 69 - 


2 34 


_ 2 21 _ 


-2 20 ) 


(58, 6, 36, 2 57 - 


2 28 _ 


2 23 _ 


2 22) 


(92, 2, 67, 2 91 - 


2 45 


- 2 27 - 


. 225) 


(44, 7, 26, 2 43 - 


2 21 _ 


2 19 _ 


2 18 ) 


(96, 2, 69, 2 95 - 


2 47 


- 2 28 - 


-2 27 ) 


(58,7,38,2 57 - 2 28 - 2 24 - 2 22 - 2 20 ) 


(100,2,72,2" - 


_ 2 49 


_ 2 29 . 


_ 2 28) 


(70, 7, 44, 2 69 - 


2 34 _ 


2 28 _ 


2 26) 


(30, 3, 20, 2 29 - 


2 14 


-2 11 - 


-2 10 ) 


(56, 8, 33, 2 55 - 


2 27 _ 


2 24 _ 


2 23) 


(46, 3, 33, 2 45 - 


2 22 


_ 2 16 _ 


-2 13 ) 


(54, 9, 31, 2 53 - 


2 26 _ 


2 24 _ 


2 23) 


(60, 3, 41, 2 59 - 


_ 2 29 


_ 2 20- 


2 19 ) 


(68, 9, 40, 2 67 - 


2 33 _ 


2 29 _ 


2 28) 


(74, 3, 52, 2 73 - 


2 36 


- 2 24 - 


, 2 22) 


(66, 10,38, 2 65 - 


- 2 32 - 


- 2 29 - 


_ 2 28) 


(78, 3, 54, 2 77 - 


2 38 


- 2 25 - 


-2 24 ) 


(86, 10,51, 2 85 - 


- 2 42 - 


- 2 36 - 


_ 2 35) 



3.3 SAC 

To the best of our knowledge, the nonlinearity values of the known constructed resilient function 
satisfying SAC are not more than 2 n ~ l — 2l™/ 2 J [20j[llJ. In this section, we present a method to 
obtain GMM type resilient functions satisfying SAC with nonlinearity > 2 n ~ 1 — 2L n / 2 J. 

Construction 2: Let n > 12 be even, and let m be a positive integer such that there exists 
an integer k 1 with 

m , ,„s S— 771+1 / \ 

' 1=0 v 7 j=m+l w/ 



Let 



and 



r = {a | m < wt(a) < n/2 - m, a G F^ 2 } (34) 



T 1 = {c\m< wt(c) <n/2-m, c G ¥%}. (35) 



Let be any subset of F^ 2 with 



n/2 , . 

m _ E »f _ ,r | 

i=m+l ^ 7 



(36) 
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Let K = F T 2 t/2 \ % and 3?i = K x F 2 /2 fe . Let OCTi with |Q| = |»i| and for any /3 G ft, /3 C G 0, 
where /? c is the complementary vector of f3, i.e. f3 + /3 C = (11 • • • 1). Denote by ipo any bijective 
mapping from to To, Y>i any bijective mapping from 3ft i to Q. Then we construct the function 
/' G £? n as follows: 

;/ ( ibJX' /0 ) ■ X" /0 ifX' G» , x 

ft Y \ J n/2/ n/2 n/2 u (t^7\ 

f {Xn) - \ mxL) ■ 4 if^^i. (37) 

Theorem 2: Let /' G F 2 be as in Construction 2. Then / satisfies SAC, and has the nonlin- 
earity 

Nfi = 2 n ~ 1 - 2 n ' 2 - 1 - 2 k '-\ (38) 
Let ipi(X' n _ k ,)j be the j-th component of ipi{X' n _ k ,), where 1 < j < k' . If 

MK-k')j = l (39) 

for some j, then the algebraic degree of /' is d = n — k' + 1. 

Proof: Similarly to the proof of Theorem 1, /' is an almost optimal (n,m,n — k' + l,Nfi) 
function with Ny = 2 n ^ - 2 n / 2 ~ 1 - 2 k '- 1 . Next we prove that /' satisfies SAC. 

A f (a) = {-l) f(Xn)(Bf(Xn+a) = U + Ui (40) 



where 



Uq = J2 Yl (-l)^ (X "/ 2) ' X "/2®^^/2 + </2X X n/2+</2) 

= (-l) MX '"/2 + </J</2 (-l) {V,0(X "/ 2)+V, ° {X "/ 2+Q "/ 2)>X "/2 (41) 



U\ = Yj X/ (-l) % ' 1 ^ n - k "~" k '™ Y1K ^ n - k '~ r " n - k " '^y^^yi 

= E (_ 1)^1 K-fc' +<-»=')•<' E (-i)^K-k>Wi(K-k>+<-k')> x k' (42) 

x' n/2 e9ti X '^& k ' 
When wt(a) = 1, to compute Uq, there exists two cases to be considered: 

Case 1: wt(a' n ^ 2 ) = 1 and wt(a'^ 2 ) = 0. Since a' n / 2 and i>o is an bijection from 3?o to To, 
we have 

MK/2) + MK/2 + </2)*o (43) 



It follows that 



j2 (-i)^( x n /2 )+^(^ /2 +< /2 )).x;' /2 = (44) 



X n/2 6 *2 
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Then, U = 0. 

Case 2: wt(ct' n , 2 ) = and wt{a!^, 2 ) = 1. In this case, 



U = 2 n ' 2 - Y< (-l) MX »' a) <" (45) 
Due to the fact that for any (3 G f2, /3 C € f2, we have 

l{x; /2 1 Vo(^; /2 ) • < /2 = o,x; /2 g 5? }| = |{x; t/2 1 v « /2 ) • < /2 = i,< /2 e k }| (46) 

Thus, C/q = 0. 

So, C/q = when wt(a) = 1. Similarly, £7i = when iot(a) = 1. Hence, Ay (a) = when 
wt(a) = 1. /' satisfies SAC. □ 

3.4 Degree optimization 

The algebraic degree of any (n,m,d, Nt) function / obtained in Construction 1 can be optimized 
by adding a monomial £j m+2 • • • Xi k „ to one subfunction 

g = 4> 1 (5) ■ X k u = Xi ± © Xi 2 © • • • © Xi m+1 © K x im+2 1 x i m +3 > " ' > x « fe " ) (47) 

where 5 € E\ and / £ Bk"- m -i is a linear function. It is not difficult to prove that the nonlinearity 
of the degree optimized function /" is equal to Nf, or Nf — 2 m+1 . To ensure that Ntn = Nf 
under certain condition, we below propose a method to optimize the algebraic degree of the GMM 
functions. This idea has been considered by Pasalic in [17] . and later also be used in pQ. 

Construction 3: Let n > 12 be an even number, m be a positive integer such that there exists 
an integer k" with 

k " - „ ™v {s 1 2 "'"' • £ (t ) s £ G) - 2 *~"" + 1} - (48) 

' i=0 v 7 j=m+l VJ/ 

Let 

{il,*2) • • • u {im+2,im+3, • ■ ■ ,ik"} = {ra - + 1, n - + 2, • • • ,ra} 

and 

r{ = {c|cGFf, wt(c)>m, (c h ,c l2 ,--- , a m+1 ) + (11 • • • 1)} (49) 

where c = (c n _fc" + i, c n ^y'+2-, • • • -,c n ). Eq, T\, and (f>o are defined as in Construction 1. Let 
E[ = Eq x F 2 ^ 2 fc . For any fixed 5 E E[, is any injective mapping from E[ \ {5} to T{, and 0'/ 
any mapping from {5} to Ti\T[. We construct the function /" G as follows: 



/"(*n) 



#(*U»)-*&. ^U»e^\{5} (50) 

, 4>'[ (X' n _ k „) ■ X k „ + Xi m+2 ■ ■ ■ Xi yi , X n _ k „ = 5. 



Theorem 3: A function /" G F 2 is proposed by Construction 3. Then /" is an almost optimal 
(n,m,n — m — l,Nf») function with 

Nfn = 2 n ~ l - 2 n ' 2 - 1 - 2 k "-\ (51) 
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Proof: Since the term x\ ■ ■ ■ x n _/ c //Xj m+2 • • • Xi yi appears in the ANF of /", we have 

deg(f") = n — m — 1. 
For any ui = (wi, • • • , uj n ) € FJf we have Wf (u) = Sq + S[ + S'{ where 



S Q = V" (_1)( W 1 "*> W n/2>*; /2 ^ (-_ 1 )(</ , o(^/2) + ( W n/2+l'-^n))-X;' /2 



^'/2 eF 2 /2 



0, < wt(o; n /2 + i, • • • ,w n ) < m 

±2™/ 2 , m + 1 < urt(w n / 2+1 , • • • ,oj n ) < n/2 



^^(^'■■■' UJ n-k")- X ' n - k 'i (_l)(^ 1 ( X l-fc") + ( a; «-fc" + l''"' Wn ))' X fc" 

X' n _ k eE[\{S} X»,&? 

0, < wt(Lu n - k » + i, ■ ■ ■ ,LJ n ) < m 
±2 fc , m + 1 < wt(uj n ^k"+i: ' ' ' > w n ) < ?i/2 



Then clearly, 



Sx + 



So we have 



From (j3|), 



0, 

_l_2 m +2 
±(2 fc ' 



(w n -fc»+l, 
(w n -jfc"+l, 



^ im+1 ) ¥= (1 
,w im+1 ) = (1 



,1) 
,1) 



r 0, 



< wt(u) n - k n + x, ■ ■ ■ , u n ) < m 

(w n _ A .// +1 , • • • ,U> n ) / 0i (5), (Wi 15 ' ' ' ,W im+1 ) = (1 

±(2 fc " - 2 m + 2 ), (w n _ fc « + i, • • • ,w n ) = #{{$) 
±2 fc ", else. 



max|W>(u;)| = 2 n / 2 + 2 A 



AT r = 2 n_1 - 2 n/2_1 - 2 fc "~ 1 . 



When < wt(u) < m, we always have 

< wt(u} n / 2+ x, ■■■ ,uj n ) <m 

and 

< wt(u n -k"+l, ■■■ ,w n )<m. 
From (|52p and ()55p . Wf(u)) = 0. By Lemma 1, f" is an m-resilient function. □ 
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4 Construction of almost optimal m-resilient functions on n vari- 
ables (n odd) with nonlinearity > 2" 1 — 2^ n ~ 1 ^ 2 

For odd n, 15-variable Boolean functions with nonlinearity 16276 were constructed by Patterson 
and Wiedemann (PW) [22] . Recently, 9- variable Boolean functions with nonlinearity 242 were 
found by Kavut and Yiicel (KY) [21]. We will use PW functions (or KY functions) to construct 
m-resilient functions with nonlinearity greater than > 2 n_1 — 2^ n ~ 1 ^ 2 for odd n. 

Theorem 4'- Let n = no + 15 (respectively n = uq + 9) where no be even, and m, k be positive 
integers such that 

k = min {s | 2 n ^ 2 ~ s • V ( m/2 ) < V (*)} < n /2 - 3. (56) 

m<s<n /2 V ! / .^W 

It is possible to construct an almost optimal m-resilient functions / £ B n with 

Nf = 2 n ~ l - 2 i - n - 1 ^ 2 + 5 • 2 n "/ 2+2 - 27 • 2 fe+2 



(respectively N f = T~ x - 2^ n ~ 1 ^ 2 + 2 n °/ 2+1 - 7 • 2 fc+1 ) 

Proof: If (|56l) holds, then we can construct an (fi 0) ffl,-,2" rl - 2 n °/ 2 - 1 - 2 k - 1 ) function 
fo € B no by the method proposed in Construction 1 (Note that examples can be found in Appendix 
1). Let g € B\§ be a PW function, and / £ B n defined by 

f(X n ) = f (X' no )®g(X'{ 5 ). 

We can easily deduce that 

N f = 2 n_1 -1/2- (2 no -2iV /o )(2 15 -2Ag 
_ 2 n_1 — 2^ n— + 5 • 2 n °/ 2+2 — 27 ■ 2^ 2 
2 n— ^ 2^ n ~ ^)/ 2 

When g € 09 be a KY function, the proof is similar. □ 

Let n m be the minimum no such that the nonlinearity of the m-resilient functions / E 'Bn m +i5 
(or / £ £>n m +9) constructed above is strictly greater than 2 n_1 — 2^™ -1 ^ 2 . By using the information 
in Appendix 1, we have 



m 


1 


2 


3 


4 


5 


6 


7 


8 


9 


10 


n m 


20 


26 


32 


38 


42 


48 


52 


58 


62 


68 


n m + 15 


35 


41 


47 


53 


57 


63 


67 


73 


77 


83 


n m + 9 


29 


35 


41 


47 


51 


57 


61 


67 


71 


77 



5 Construction of multiple-output almost optimal resilient func- 
tions F : F2 1— > F2 (n even) with nonlinearity > 2 n 1 — 2™/ 2 

Constructing multiple-output resilient functions with high nonlinearity has received attention since 
mid-1990s [23] [24] [25] [26] [27] [28] [29] [30]. To the best of our knowledge, the nonlinearity of the 
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71-1 



multiple-output resilient functions on F 2 obtained by the existing constructions is at most 2 
2L n / 2 J _ j n this section, we present a technique on constructing an m-resilient function, F : F 2 1— > F 2 
(n even) with nonlinearity 2 n_1 — 2 n / 2-1 — 2 k ~ 1 where k < n/2. 

Definition 3: The nonlinearity of F = (/1, /2, ■ ' ' > fr), denoted by Np, is defined as [31] 

Np = min Nr 

ceFT 2 \{0} 

where / c = ^[=1 c = (ci, • • • , c r ) € F r 2 . F is said to be almost optimal if N F > 2 n - 1 - 2^ . 

Lemma 2 ([24]): A function F = /2, • • • , / r ) is an m-resilient function if and only if for 
any c = {c\, ■ ■ ■ , cv) 6 F 2 \ {0}, / c = X)i=i c «/« ^ s an w-resilient function. 

Definition 4 ([21]): A set of [n, k] linear codes {Ci, C2, • • • , C s } such that 



Q n Cj = {0}, 1 < t < j < s 



(57) 



is called a set of [n, /c] disjoint linear codes. Let d% be the minimum weight of the nonzero code 
vectors in Ci, < i < s. {C%, C2, • • • , C s } is called a set of [n, k, > d*] disjoint linear codes, where 
d* = minjcZi, d 2 , ■ ■ ■ , d s }. 

Construction 4 : Let n > 12 be even and r,m < [n/4:\ be positive integers. Let C = 
{Ci, ■ ■ ■ ,C U } be a set of [n/2, r, > m + 1] disjoint linear codes with u as large as possible, and 
associate to each code a mapping pi : i->- Ci, 1 < i < u, so that 

(6 , 61a, • • • Iw-ia™" 1 ) ^> 6o^B + • • • + frm-iC-i ( 58 ) 

where a is primitive in F2>- and 0q,- ■ ■ , ^L-i * s a basis of Cj. Define the matrix A{ by 

/ Pl (l) w (a) ... Piia^ 1 ) \ 



Pi(a) Pi(a 2 ) 



Pi{a 



Let C" = {C[, • • • , C£} be a set of [s, r, > m + 1] disjoint linear codes with v as large as possible, 
and associate to each code a mapping qj : F2>- i->- Cj, 1 < j < v, so that 

(6 , h(3, ■ ■ ■ 6 m _ 1 /3 m ~ 1 ) 3> + • • • + (59) 
where /3 is primitive in F2' and tjq, ■ ■ ■ , ff m —i 1S a basis of C'-. Define the matrix Bj by 



\ gj W 2r ~ 2 ) Qj (i) 



We define 



min {s j 2 n / 2 - s • (2 n / 2 - u ■ (2 r 

m<s<n/2 



1)) < v ■ (2 r - 1)} 



(60) 
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Let Eq = {ei, e2, • • ■ , e K } be any subset of F^ 2 with k = |£b| = u ■ (2 r — 1). Let £b = F 2 /z \i?o an d 
Ei = £o~xF 2 /2 ~ fc = {ei,e 2 , • • • ,e A } with A = 2™/ 2 - s -(2 n / 2 -u-(2 r -l)). Define T = A 1 UA 2 U- • -UA U 
and T\ = B\ U i?2 U • • • U B u . For 1 < i < r, let tpi be an injective mapping from I?o to To such that 

\A T U ) T . 



n/2 , 



/ Vi(ei) ^(ei) ... Vv(ei) \ 
^i(e2) ^2^2) ••• Vv(e2) 



\ ^i(e«) ^2(e K ) • • • Yv(e K ) / 
Let ifi be an injective mapping from E\ to T\ such that 

/ c^i(ei) <p 2 (ei) ... ^r(ei) \ 
^1(^2) ¥2(^2) ••• ^>r(e 2 ) 

V Vi («a) <P2(e\) ••• Vr(eA) / 



where (BflBj] ■ ■ ■ \B^) T denotes that some rows of (Bj\Bj\---\B^) T may be deleted to be of size 
A x r. We now construct the a function F : F 2 h-> F 2 by 



F(X n ) = f 2 (X n ), ■■■ , / r (X n )) 



where 



fi(X r , 



MK/2) ■ K/2 iiX 'n/2^ E ■ 



1,2,--T. 



(61) 



Theorem 5: Let F : F 2 F 2 be as in Construction 4. Then F is an almost optimal m-resilient 
function with 



N F 



•,n—l 



2n/2-l 



->fc-l 



(62) 



Proof: Let Y> c = ciV'i + £2^2 + • • • + c r Vv where c = (ci, ■ ■ ■ , c r ) G F 2 \ {0}. For z = 1,2,--- , r, 
ipi is injective, it is not difficult to prove that V'c is injective. Similarly, (p c = cupi + c 2 ip 2 + • • • + c r (p r 
is injective. Let a = (p',0") = {i G F£, where 7' G F 2 l ~ fc , 7" G F§, and /?', (3" G F 2 /2 . Then 



where 



U 



W fc {a) = ^2 {-l) MXn)(Ba - Xn = U + U 1 



j2 Yl (-i) v ' c{x; / 2>x:: / 2e(/3 '* /3 " Hx; / 2 * x;: / 2 ) 
^2 {-if- x '^ Yl {-\) (MX '^ )+P " yx '^ 



(63) 

(64) 
(65) 



K/2^ 



K/2^2 



i/2 



and 



(66) 
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When ip = 0, we have Uq = 0; or else 



U = 



Similarly, 



C/i G {0,±2 fc }. 



We have 



VF /c G {0, ±2 fe , ±2 n / 2 , ±(2 n / 2 - 2 fe ), ±(2 n / 2 + 2 fc )}. 



Then 




From Definition 2, 




2 



Noticing that for any (5" G Tq, 7" G Ti, we always have wt(f3") > m + 1 and wt(j") > m + 1. 
With the similar proof as in Theorem 1 (see Case 1), we can obtain that / c is an m-resilient function. 
By Lemma 2, F is an m-resilient function. □ 

6 Conclusion and open problems 

In this paper, we present a generalized Maiorana-McFarland (GMM) construction method to obtain 
almost optimal resilient functions with a nonlinearity higher than that attainable by any previously 
known construction method. The following problems are left for future work. 
Conjectures: 

1) Let n > 12 be even and m < \n/4]. For any (n,m, —,Nf) function / G B n , Nf < 2 n_1 — 
2*1/2-1 _ 2l«/ 4 J+ m - 1 

2) Let n > 12 be even and [~n/4] < m < n/2 — 2. For any (n,m,—,Nf) function / G B n , 
Nf < 2 n_1 - 2 n / 2 ' 1 - 2 m+1 . 

3) Let n > 12 be even and m < n/2 — 2. If F : F2 1-^ is a multiple-output function with 
nonlinearity N F > 2 n ~ l - 2 n / 2 , then m + r <n/2-l. 
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Appendix 1: Examples of (n, m, n — k + 1, 2 
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2*1/2-1 
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resilient functions. 
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73 


87 


101 


154 


284 



















m 


= 100 
















n 


428 


500 


600 


1000 


2000 


3000 


4000 


5000 


6000 


7000 


8000 


10000 


20000 


30000 


40000 


50000 


k 


213 


245 


287 


429 


733 


1013 


1285 


1551 


1814 


2076 


2336 


2852 


5402 


7932 


10452 


12968 
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Appendix 2: Examples of GMM resilient functions, where n is the minimum value such that the 
nonlinearity of an m-resilient function is 2 n ~ 1 — 2 n / 2 ~ 1 — 2 n / 2 ~ 2 . 













N f = 2"- 1 - 


2«/2-l 


_ 2"/2-2 












m 


1 


2 


3 


4 


5 


6 


7 


8 


9 


10 


11 


12 


13 


14 


15 


n 


12 


16 


20 


12 


30 


34 


38 


44 


48 


52 


56 


60 


64 


70 


74 


m 


16 


17 


18 


19 


20 


21 


22 


23 


24 


25 


26 


27 


28 


29 


30 


n 


78 


82 


86 


90 


94 


100 


104 


108 


112 


116 


120 


122 


128 


134 


138 


m 


31 


32 


33 


34 


35 


36 


37 


38 


39 


40 


41 


42 


43 


44 


45 


n 


142 


144 


150 


154 


158 


162 


166 


170 


176 


180 


184 


188 


192 


196 


200 


m 


46 


47 


48 


49 


50 


51 


52 


53 


54 


55 


56 


57 


58 


59 


60 


n 


204 


208 


212 


216 


222 


226 


230 


234 


238 


242 


246 


250 


254 


258 


262 


m 


61 


62 


63 


64 


65 


66 


67 


68 


69 


70 


71 


72 


73 


74 


75 


n 


266 


270 


276 


280 


284 


288 


292 


296 


300 


304 


308 


312 


316 


320 


324 


m 


76 


77 


78 


79 


80 


81 


82 


83 


84 


85 


86 


87 


88 


89 


90 


n 


326 


334 


338 


342 


346 


350 


354 


358 


362 


366 


370 


374 


378 


382 


386 


m 


91 


92 


93 


94 


95 


96 


97 


98 


99 


100 












n 


390 


396 


400 


404 


408 


412 


416 


420 


424 


428 
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